Medion Australia hit with $260,000 fine after SIM-swapping scam leads some telco customers to lose thousands
The ACMA says Medion Australia — which is owned by German company Medion AG, itself a subsidiary of Chinese company Lenovo — has been forced to pay a $259,440 fine after the watchdog found the telco had not complied with customer identification rules.
As a result, nine customers had SIM cards illegally swapped or ported and five of them together lost more than $160,000.
According to the ACMA, a process known as SIM-swapping allowed bad actors to take control of the customers’ phone numbers by using their personal details to request a new SIM card.
In Australia, Medion sells mobile products and services in ALDI supermarkets and online under the brand name ALDImobile, but the ACMA told ABC News that Medion’s arrangements with other brands were not within the scope of its investigation.
Medion also entered a court-enforceable undertaking in 2014 after the consumer watchdog found that its “unlimited” ALDI mobile pack placed significant usage restrictions on customers.
ACMA chair Nerida O’Loughlin said the latest situation with Medion’s services could have caused significant harm to users.
“Scammers may then be able to gain access to your online banking accounts and other personal information — in this case, criminals have taken advantage of Medion’s compliance failures,” she said.
New rules introduced in 2022 require telcos to conduct multi-factor identity authentication checks before carrying out high-risk requests like SIM-swaps, disclosure of personal information and account changes.
But ACMA’s investigation found Medion had breached these regulations by failing to verify more than 1,600 SIM-swap requests and one password change request.
In its infringement notice to Medion, the ACMA said the company claimed “a system bug in its online channel allowed a requesting person to complete a SIM swap request via an alternative pathway, without receiving a unique verification”.
Medion has since paid its fine and appointed an independent consultant to review its compliance with customer ID rules.
The company must report to the ACMA on its progress as part of a two-year court-enforceable agreement.
Speaking about Australians broadly falling victim to hackers, Prime Minister Anthony Albanese on Wednesday described the issue as a “scourge”.
“So many vulnerable people being ripped off who’ve acted in absolutely good faith,” he told told radio station FIVEaa.
“We need to make sure that they are protected.”
Mr Albanese said the government was considering measures, including a legislative framework, to ensure victims got their money back.
SOURCE: ABCNEWS